Re: GSOC 2012 project clarification

On Mon, Apr 02, 2012 at 08:48:35PM -0400, Matthew Mondor wrote:
> > > So by
> > > generating some pseudo random numbers we can erase the previous secure
> > > data.
> >
> > I'm not sure that pseudo-random numbers help security in the general
> > case, compared to just zeros. For a plain harddisk, either one is
> > good enough. For a SSD, both are useless. A difference would be
> > if the device was an encrypted disk because all-0 would be a perfect
> > "known plaintext". It should be configurable.
>
> For reference, perhaps see what rm(1) -P option does (and GNU's
> shred(1)), which is a commonly used technique: overwrite with 0xff,
> overwrite with 0x00, then with some pseudo-random data. I'm not sure
> if the last step is necessary, but it's generally recommended to not
> just overwrite with 0x00 but also with 0xff first.
>
> rm(1) tells where to read more:
> The -P option attempts to conform to U.S. DoD 5220-22.M, "National
> Industrial Security Program Operating Manual" ("NISPOM") as updated by
> ...
>
> Some hardware also support the feature, and as a second step it might
> be nice to be able to use this feature where available...

There are a number of scenarios which make any attempt to overwrite
data blocks less efficient than they would otherwise seem. Even
without taking SSDs into account, there's all of the sector sparing
which takes place in drives manufactured in the last 15 years.
Neither would I advocate all of Peter Gutmann's 35 passes
http://en.wikipedia.org/wiki/Gutmann_method
(for fairly obvious reasons); I wouldn't even recommend the 7 passes
most US government agencies mandate these days. All of this is way over
the top.
But I'd like the students to look into things a bit more, and tell us
what they propose should be best practice in 2012 and for the next 3-5
years, say.
Regards,
Alistair
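The rm -P style overwrite sequence Matthew describes (0xff, then 0x00, then pseudo-random data), as an added Python example that is not part of this thread or of rm(1) itself; `overwrite_passes`, `secure_unlink` and `demo` are names chosen here. Alistair's caveat still applies: on SSDs or drives with sector sparing, overwriting the logical blocks gives no guarantee about the old physical copies.

```python
import os
import secrets
import tempfile

# rm -P order as described in the thread: 0xff, 0x00, then pseudo-random (None).
PASS_PATTERNS = (b"\xff", b"\x00", None)


def overwrite_passes(path, patterns=PASS_PATTERNS, chunk=64 * 1024):
    """Overwrite every byte of `path` once per pattern, fsync'ing after each
    pass so it reaches the device before the next starts. Returns pass count.
    Thread caveat: SSDs and drives with sector sparing may keep old copies."""
    size = os.stat(path).st_size
    fd = os.open(path, os.O_WRONLY)
    try:
        for pattern in patterns:
            os.lseek(fd, 0, os.SEEK_SET)
            remaining = size
            while remaining > 0:
                n = min(chunk, remaining)
                buf = secrets.token_bytes(n) if pattern is None else pattern * n
                written = 0
                while written < n:  # os.write may return a short count
                    written += os.write(fd, buf[written:])
                remaining -= n
            os.fsync(fd)
    finally:
        os.close(fd)
    return len(patterns)


def secure_unlink(path, patterns=PASS_PATTERNS):
    """rm -P style removal: overwrite the contents, then unlink the name."""
    passes = overwrite_passes(path, patterns)
    os.unlink(path)
    return passes


def demo():
    """Write a constructed secret, run only the two deterministic passes so the
    result is checkable, and report whether every byte now reads 0x00."""
    secret = b"constructed secret: password=hunter2\n" * 1000
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as f:
        f.write(secret)
    overwrite_passes(path, patterns=(b"\xff", b"\x00"))
    with open(path, "rb") as f:
        after = f.read()
    os.unlink(path)
    return after == b"\x00" * len(secret)
```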